Monday, January 7, 2008

Okay, I got a new Sandisk micro USB drive. There is a special in Staples on it for $20.

What we need to do now is make two partitions on the drive. One for the BackTrack OS, and one for the changes. Windows only recognizes FAT partitions, while Backtrack can only save changes to an ext2 partition, whatever that is. Two weeks ago, I worked for hours trying to get this setup to work. One 1.5GB partition for the OS and for anything else I want to store. This partition can be read with Windows. It's a FAT32 partition. The second partition of 0.5GB has to be an ext2 partition to save the changes. This will not be recognized by Windows.

Okay, this is the issue. Windows will not let you partition USB drives. It recognizes it as a removable Disk, for which Windows does not support partitions. I tried time after time to make both partitions in Linux. No luck. I couldn't get the drive to boot correctly. Someone on forums.remote-exploit.org mentioned that making the FAT32 partition on linux can be unstable, so we have to make it on Windows, which is easier said than done.

Now look at the list of items under USBSTOR. My Sandisk Drive has two entries. One that is classified as a CdRom, because Sandisk puts this weird software called U3 on. We need the entry that starts with Disk, by me it's 'Disk&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_4.04'. Depending on your drive it will say some thing that should start with 'Disk&Ven_'.,

Once you've found that, right click on it. From the menu that comes up, select 'Copy Key Name'.

Now open Notepad, or your text editor and paste it there for future use. The line should look something like 'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_4.05', depending on your drive

Now go to http://www.xpefiles.com/viewtopic.php?t=92 and click on the Download button to download the file. Go to the folder on your computer that contains your download files and unzip the files into a folder. You should now have 6 files in that folder. Double click on the file called cfadisk.inf. It should open in Notepad, otherwise right click and choose open with..., and open it in Notepad.

Look at the file. You will see 10 lines that begin with '%Microdrive_devdesc% = cfadisk_install,' and is followed with 'IDE\.......'.

Go back to your open Notepad containing the line you copied from RegEdit, and press Ctrl-A to select it, and Ctrl-C to copy it to the clipboard. Now go back to the other open notepad file. On each of the 10 lines that start with '%Microdrive_devdesc% = cfadisk_install,' select all the text following the 'comma', for example, select 'DiskIBM-DSCM-11000__________________________SC2IC801' and press Ctrl-V to paste the Regedit line in instead of it. Do that to all 10 lines, and close and save the file.

Here's what it looks like now:Click on Start, and select Control Panel.Select System.Once that opens, click the Hardware tab, and select Device Manager.Double click on Disk Drives, and look for your USB drive.Right click on it, and select Update Driver.

It will ask you if Windows can connect, select 'No, not this time'. Click Next.Select 'Install from a list or specific location' and click next.Select 'Don't Search. I will choose the driver to install'. Click next.Click 'Have disk' and then select 'Browse'.Locate the folder you unzipped the driver file to, and double click on 'cfadisk.inf'.Press 'OK' Click Next.It will give a 'Update Driver Warning', click 'Yes'.It will warn you that the driver has not passed Windows Logo Testing, click 'ContinueAnyway'.Let Windows do it's magic and click 'Finish'.

If all worked as it should, if you open 'My Computer' now, you will see your USB drive listed as a Local Drive, not a Removable Disk. Cool!!! Now it's partitionable and all.

We are currently fooling Bill Gates into thinking that our USB drive is a Local Disk. Now let's move on to partitioning. Right click on 'My Computer' and select 'Manage'. (Alternatively, you can click Start-->Run--> type 'compmgmt.msc'-->OK.)Click on Disk Management. Find the drive that is your USB drive. WARNING: We are about to erase the partition on it, so make sure you got the right drive, otherwise....Right click on the drive letter and select 'Delete Partition...'. You will get a warning, click 'Yes' to continue.You will now see your drive fully Unallocated on the bottom panel. Right click on it in the panel, and select 'New Partition'. Click next, leave it a Primary Partition so just click next again.Now you have to specify how much space to allocate for your FAT partition. Leave about 500MB for changes, and use the rest for this. Don't save too much space for the changes, since it won't be recognized in Windows, it will get wasted. For example, on my 2GB drive I enter 1500 for 1.5GB. Please note that you must have this partition at least 700MB in size, to fit the BackTrack files. Press next.Assign Whatever letter you like or just leave it at the default. Press Next.On the next menu, make sure Format this partition... is selected, set 'File system' to FAT32, and set 'Volume label' to whatever you like. I named it BackTrack. This is the name that will show up for the drive in 'My Computer'. Click Next. Click Finish.Let Windows do it's magic, and you have yourself a nice partition on your USB Flash Drive. Shhh... Don't tell Bill.

Next we're going to install BackTrack onto the USB Drive and boot into Backtrack.

If you're having troubles connecting to xpefiles.com, I found an alternative site to download from: http://www.lancelhoff.com/2008/06/19/make-windows-see-any-usb-flash-drive-as-local-disk/

It does the same thing and is mostly the same file, but it has an easier option of inputting the drive location. Just follow the instructions on that site for installing the flash drive driver and you'll be fine.

hmh, next is maybe more simple and less windows tweaky, but it works 4 me, just plug usb stick, put windows install cd and boot from cd, click next until you see chose a partition to install to section, here you can pick your usb drive and edit its partition just like on regular HDDchaers